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SECURE DIGITAL CONTENT LICENSING SYSTEM AND 

METHOD 

Related Applications 

5 

Tliis application claims priority to Provisional Application No. 
60/195,870, filed April 7, 2000, and to Provisional AppUcation No. 60/273,444, 
filed March 5, 2001, each of which is hereby incorporated by reference. The 
present invention also relates to U.S. Patent Application Serial No. 09/603,805, 

10 filed June 20, 2000 (for which a Petition to Convert Non-Provisional Application 
to Provisional Application Under 37 CFR 1.53(c)(2) was filed March 16, 2001 via 
U.S. Express Mail Label No. EL752586903US, our file number 041892-0208, 
decision of petition and provisional serial number unknown at this time), is 
incorporated herein by reference and which forms a basis for priority. The present 

15 invention also relates to U.S. Patent Application Serial No. , titled 

"Online Digital Video Signal Transfer Apparatus and Method," filed April 4, 
2001 (attorney docket no. 041892.0207), which is incorporated herein by 
reference and which forms a basis for priority. The present invention also relates 
to U.S. Patent Application Serial No. titled "Website System 

20 And Process For Selection And Delivery Of Electronic Information On A 

Network," filed April 6, 2001 (attorney docket no. 041892.0205); and U.S. Patent 

Application Serial No. , titled "System and Process For Delivery 

Of Content Over A Network," filed April 6, 2001 (attorney docket no. 
041892.0206), each of which is incorporated by reference in its entirety. 

25 Background of the Invention 

1 . Field of the Invention 

The invention relates generally to systems and processes for 
securmg licenses for content oyer a network and, in particular embodiments, to 
systems and processes for controlling access to content items with licenses 
30 delivered over the Internet or other suitable network. 
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2. Description of Related Art 

The Internet is a global network which allows users to access server 
network device from the user's personal computer or other user network-enabled 
device. As the Internet has grown, more and more users are taking advantage of 
5 the niany lifestyle inq>rovements whidi the Internet provides. One of these 

improvements is a new medium for commerce, commonly referred to as electronic 
commerce (or Ecommerce). Users are able to shop on-line at home for many of 
* the items, such as books, toys, video games, and movies, that they used to 
purchase in brick and mortar stores. Some of these items are delivered to the user 
10 by traditional package delivery methods. Others, such as music and video, may be 
downloaded as large files to the user over a communication link. Typically, the 
Internet merchant would like to control access to content such that only the 
customer who paid for the delivered content will be able to enjoy access to that 
content. 

13 Along with the growth in Internet commerce, however, there has been a 

corresponding growth in security concerns. Internet merchants are encountering 
many instances of unauthorized use of content by Internet users who have not 
legitimately purchased a right to access the content. This unauthorized use of 
content may be the result of users swapping downloaded files with other users or 

20 obtaining the content by other fraudulent means. 

There exist many methods of content protection. File encryption me&ods 
provide limited protection. In addition, methods to verify that a particular user is 
an authorized user are constantly unproving. However, code breaking techniques 
improve apace with inq)roved encryption methods and it remains a problem to 

25 authenticate the identity of a particular user due to the sheer number of users on 
the Internet and due to sophisticated methods of impersonating not only other 
users, but also the computers of other users. 

Therefore, there is an increasing need among Internet content providers to 
ensure only authorized use of the content which they provide to paying customers. 
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Summary of the Disclosure 

Embodiments of the present invention overcome the problems in the 
existing art described above by providing a secure digital content licensing system 
and method. Embodiments of the invention operate within an online environment 
5 including one or more user network'-enabled devices and one or more server 
network devices connected by a communications link to the one or more user 
network-enabled devices. 

A method according to an embodunent of the invention includes providing 
access to content stored within a memory of one or more content servers. A user 

10 contacts a main website. The main website displays to the user the content that is 
available. The user may then select and download content to die user network- 
enabled device. Because the content is not accessible to the user in a user- 
perceptible form without a license, the user will be required to obtain a license 
either before, after, or at the same time the content is downloaded. 

15 The user's request for a license for specific content may comprise 

information about a desired rental model, an expiration date for the rental model, 
and information that identifies the user network-enabled device, along with other 
' information. Based on this icfbrniation and other information^^ 
a network operations center, a license for the content is generated which comprises 

20 this information along with any additional mformation added at the time of license 
generation, for example, an encryption key for the requested content. The license 
is then transferred to a protected database on the requesting user network-enabled 
device. 

Media player and security technology residing on the user network-enabled 
2S device provides protection against unauthorized access to the content by ensuring 
that only licensed content is presented in a user-perceptible form and is only 
accessed according to the rental model contamed in the license. Media player and 
security technology also provides security against tampering by performing 
mtegrity checks which authenticate various components of the media player and 
30 security technology itself, along with other components within the user network- 
enabled device. 
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Advantages of the invention include the ability to securely control 
access to content by providing a system and method for generating a license for 
content that is associated with that content and can only be enabled for that 
particular content. In addition to being related to its associated content, the license 
5 is also related to the particular user network-enabled device to which the license is 
downloaded. Further, tho license is related to the particular media player that 
resides on that user network-enabled device at the tune the license is downloaded. 

Before a license is enabled, the license must be authorized by the 
media player and security technology which examines the license to determine if 

10 the above-named conditions exist, i.e. if the license is associated with the 

particular content that the user is attempting to access, and if the user network- 
enabled device and media player with which the user is attempting to access the 
particular content are the ones related to that license. If these conditions are 
satisfied, then the license will be enabled and the user will be able to access the 

15 particular content in a user-perceptible form based on a particular rental model for 
that particular content. 

In one embodiment, licenses are based on a rental model which 
restricts access to die particular content to widim a certain time frame. Thus, in 
one embodiment the user may access the content a defined number of times within 

20 the time frame. In yet other embodiments, a license based on a purchase model 
allows the user to access content an unlimited number of times on any user 
network-enabled device. 

Further advantages of the invention include die ability to revoke a 
• previously issued license to access particular content on particular media players 

25 within particular media and security procedure environments. In addition, the 

present invention provides a system and method for issuing revocation certificates 
to particular user network-enabled devices that inhibit playmg of particular content 
or the playing of content within a particular media and security procedure 
environment. In one embodiment, revocation certificates are periodically 

30 downloaded to user network-enabled devices. In another embodiment, revocation 
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information is downloaded to user network-enabled devices by being embedded in 
a requested license for selected content. 

Brief Description of the Drawings 

The present invention is illustrated by way of example, and not by way of 
5 limitation, in the figures of the acconq)anying drawings and in which: 

FIG. 1 is a simplified view of an exemplary client-server environment in 
which embodunents of the present invention may be hiqplemented; 

FIG. 2 is a simplified block diagram view of a user network-enabled device 
connected to a network operations center according to an embodiment of the 
10 mvention; 

FIG. 3 is a simplified block diagram view of a license generation process 
according to an embodiment of the invention; 

FIG. 4 is a functional block diagram view of a user network-enabled device 
according to an embodiment of the invention; 
15 FIG. 5 is a simplified block diagram of functional components representing 

a software implemented media player and security technology according to an 
embodiment of the invention; 

FIG. 6 shows a flowchart of process steps for controlling authorized 
viewing of content according to an embodiment of the invention. 

20 Detailed Description of Various Embodiments 

Embodunents of the present invention address needs in the industry 
as described above by providmg a secure digital content licensing system and 
method, for example enabling onhne rental, purchase and/or delivery of digitally 
encoded motion pictures. Systems and processes according to embodiments of the 
25 present invention provide a content owner or holder with a mechanism for 

controlling distribution of content to users by allowing users to access the content 
through a network. One exanq)le model for the system and process is a movie 
rental system for downloading inovie files to customers across the Internet. Other 
embodiments may involve delivery of other types of content including, but not 
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limited to, music files, still image files, game programs, other software or data, 
and combinations thereof. Moreover, other embodiments may employ distribution 
of encoded physical media, or wide area or local area networks. For purposes of 
simplifying the present disclosure, embodiments described herein are primarily 
5 with reference to a movie rental service. However, it will be readily understood 
that aspects of the invention may be employed in oAer suitable content delivery 
applications as noted above. 

In the following description, reference is made to the accompanying 
drawings which form a part hereof, and in which are shown by way of illustration 
10 specific embodiments in which the invention may be practiced. It is to be 

xmderstood that other embodhnents may be utilized and structural changes may be 
made without departing firom the scope of the various embodiments of the present 
invention- 

In one embodiment, a secure movie licensing system and method 

IS provides data stored on a computer system to a user across a network connection. 
The transfer may be accomplished in various ways, including, but not limited to, 
download to memory storage, streaming video, audio, or a combination, across 
various types of connections, mcluding, but not Imiited to, the Internet, private or 
public networks, direct wire or fiber connections, wireless connections, broadcast 

20 systems (e.g., cable systems, satellite systems, broadcast television systems, 
broadcast digital television systems) or a combmation of connections. In other 
embodiments the movie is encoded on tangible media and physically distributed. 

Further embodiments of die invention relate to aspects of securely 
licensing electronic files. For clarity, the description focuses on implementations 

23 for digital data signals comprismg video and audio information which include 

digitally encoded movies (referred to as "movies" or "videos"). However, many 
or all of the methods and system described may be readily adapted to apply to 
electronic files of other types as well, such as digitally encoded songs, books, 
television programming, radio programming, and any other content (audio, video, 

30 text, etc.) which may be digitized or encoded and stored as an electronic file. 
Also, control information including, but not limited to, video aspect ratio, 
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resolution, and audio playback parameters may also be included in the electronic 
ffle. 

Some eiobodiments of the invention relate to implementations for a 
network movie (hereafter "video **) server computer system accessible through the 
5 World Wide Web and the Internet as a website (referred to as the ""main website") 
and providing access to a library of movie files. However, many or all of the 
methods and systems described may be readily adapted to other data comiections as 
well, including, but not limited to, other Internet connection interfaces (e.g. , an 
FTP server), private networks (e.g., a network provided by an ISP for its 

10 subscribers), and direct connections (such as a directly wired set of stations in a 
limited area such as a hotel). 

In addition, further embodiments relate to implementations where 
the user accesses and downloads electronic files using a computer system. 
However, many or all of the methods and systems described may be readily 

IS adapted to other user network-enabled devices (UNDs) which the user may use to 
access and download data from the server as well, such as a set-top box, or a 
television, with a connected telephone, or cable modem and available storage 
memory (such as a hard disk), or some other device with a network connection 
which may access the server and a storage device for storing a downloaded file. 

20 Additional variations may also be implemented such as interfaces for wireless 
telephones, set-top-boxes, PDAs, AVHDD devices (such as a SONY "Tivo" 
device), and for satellite download capability. 

Any necessary adaptations will be apparent to those of ordinary skill 
in the art. The secure online digital content licensing method and system may be 

25 unplemented in hardware, software, or a combination of both. 

According to one embodiment, rental of the content occurs within 
an online environment including at least one content server located at a first node 
and connected by a communications link to a plurality of UNDs located at other 
nodes. The method includes providing access to content stored within a memory 

30 of a content server. Requests are then submitted by UNDs for rental of selected 
content for a specified period of time or for a specified number of plays ("rental 
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moder'). The requests include electronic payment for a license based on the 
selected content and the specified rental model. In one embodiment, oiice 
electronic payment is provided, the license is transmitted to the UND via a 
communications link. Once the content and the license are transmitted to the 
S UND, the content is accessible to the user on the UND in a user-perceptible form 
in accordance with the rental model contained in the license. 

In one embodiment, the UND may establish electronic 
communication with the main website prior to permitting access to the content in a 
user-perceptible form to ensure that the access is within the specified rental model 

10 parameters, and optionally that the UND to which the license was transmitted is 
the UND that will be used for access. This ensures that content downloads that 
are conveyed to other parties who may also wish to access the content are not 
accessible to tiiose other parties. In the event that those otiier parties attempt to 
access the content that was conveyed to them, the main website may provide to the 

IS other parties the opportunity to purchase a rental license (also referred to as a 
license or license certificate). 

In one embodunent, functions are implemented with machine- 
executable instructions. The instructions may be used to cause a general-purpose 
or special-purpose processor that is programmed with the instructions to perform 

20 the functions and steps described herein. Alternatively, the functions and steps 
may be performed by specific hardware components that contain hardwired logic 
for performing tiie steps, or by any combination of programmed computer 
components and custom hardware components. 

Embodiments of the present mvention may be implemented as a 

25 computer program product which may include a machine-readable medium having 
stored thereon instructions which may be used to program a computer (or other 
electronic devices) to perform a process according to embodiments of the present 
invention. The machine-readable inedium may include, but is not limited to, 
floppy diskettes, optical disks, CD-ROMs, and magneto-optical disks, ROMs, 

30 RAMs, EPROMs, EEPROMs, magnet or optical cards, flash memory, or other 
^e of media/machine-readable medium suitable for storing electronic 



-8- 



wo 01/78303 PCTAJSOl/11381 

instructions. Moreover, embodiments of the present invention may also be 
mq)lemented as a computer program product, wherein the program may be 
transferred from a remote computer (e.g., a server) to a requesting computer (e.g.^ 
a client) by way of data signals embodied in a carrier wave or other propagation 
5 medium via a communication link (e.g., a modem or network connection). 

Network System Architecture 

FIG. 1 is a simplified view of an exemplary client-server 
environment 100, such as the World Wide Web (the Web), in which the secure 

10 online digital content licensing method and system may be hnplemented. The 
architecture of the Web follows a conventional client-server model. The terms 
"client" and ""server" are used to refer to a conq)uter'5 general role as a submitter 
of requests for data (the client) or provider of data (the server). The UND 102 and 
Web server 104 communicate usmg a protocol such as HyperText Transfer 

15 Protocol (HTTP). In the Web environment, Web browsers reside on clients and 
render Web documents (pages) served by the Web servers. The client-server 
model is used to communicate information between UND 102 and Web server 
104. 

Web server 104 is coupled to a network 110, for example the 
20 Internet, and responds to document requests and/or other queries from Web 
clients. When a user selects a document by submitting its Uniform Resource 
Locator (URL), a Web browser, such as Netscape Navigator or Internet Explorer, 
opens a connection to Web server 104 and initiates a request (e.g., an HTTP get) 
for the document. Web server 104 delivers the requested docmnent, typically in 
25 the form of a text document coded in a standard markup language such as 
HyperText Markup Language (HTML) or Dynamic HTML (DHTML) 

According to one embodiment, when a user wishes to participate in 
secure online licensing of digital content, for example digitally encoded movies 
("movies"), the UND 102 connects to Web server 104 and is presented with the 
30 main website home page. The mam website provides access to onlme catalog 
information regarding various movies for rental. From the main website home 
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page, the online user is forwarded to various screens that allow the user to search 
and view various movies available for rental as well as the capability to download 
movies for viewing on UND 102 at a later time. 

In one embodiment, when the user requests a movie, Web server 

5 104 provides a URL for the location of the movie to UND 102. The URL dkects 
the request to content server 106. Content server memory 108 provides storage 
for a large volume of digitally encoded movie files. The digitally encoded movie 
files that reside m content server memory 108 noay be encrypted usmg standard 
encryption techniques. Content server 106 will deliver the requested movie in an 

0 encrypted form to UND 102 if the requested inovie resides on content server 106. 
In one embodiment, if the requested digitally encoded movie does not presently 
reside on content server 106, the request will be forwarded to additional content 
servers (not shown) located in different geographical locations within the 
exemplary client-server environment 100 until the movie is located. At that point, 

5 the movie will be downloaded m an encrypted form to UND 102 by the respective 
content server. 

In one embodiment, if the movie does not presently reside on any of 
the content servers, then the content will be downloaded to one of the content 
servers from origin server 112. Origin server 112 may contain a complete copy of 
0 the library of the encrypted digitally encoded movie files on origin server memory 
114. Further, in some embodiments, there may be additional origin servers (not 
shown) located in different geographical locations in client-server environment 
100, each comprising a copy of the entire library of the encrypted digitally 
encoded movie files. 

S In other embodiments, movie files residing on other UNDs, such as 

UND 116, may be identified as available for download to a requestmg UND, such 
as UND 102, as either a dnect peer to peer connection, represented by broken line 
103, or through Web server 104, with Web server 104 managing at least the 
search and download operations. 

0 In some embodiments, a token may be embedded in the URL which 

authenticates the right of the user to download the requested movie. The token 
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may be generated at the time of the original request. One purpose for token 
authentication is to restrict movie downloads only to the user that has actually 
requested the movie. This results in cost savings, since each unauthorized 
download has certain costs associated with it. In addition, token authentication 
prevents attacks by hackers intent on causing service disruption by instigating 
multiple download requests which tie up the resources of content server 106. 
Additionally, in some embodiments, the URL may also contain a geographic filter 
which restricts the downloading of movies to certain geographical locations, for 
example, downloads may only be permitted within the United States. 

UND 102 may be any type of computing device such as, but not 
limited to, desktop computers, workstations, laptops, a set-top box, and/or 
mainframe con^uters. Additional variations may also be implemented such as 
interfaces for wireless telephones, set-top-boxes, PDAs, AVHDD devices (such as 
a SONY "Tivo** device), and for satellite download capability. One or more users 
not shown may be associated with each UND. 102. Web server 104, content server 
106, and origin server 112 may also be any type of computing device such as, but 
not limited to, desktop computers, work stations, laptops, and/or main frame 
computers; - _ ^ 

Network Operations Center 

FIG. 2 shows a simplified block diagram of a network operations 
center (NOC) 200, according to one embodiment of the invention. NOC 200 
con3prises multiple Web servers 204, multiple application servers 208, firewalls 
210 and 212, license generator 2i4, and mam website 206. Web servers 204 
deliver documents such as HTML and DHTML documents requested by a user 
through UND 202, as well as storing other documents and files (audio, video, 
graphics, or text) that may be displayed to the user on main website 206. 
Application servers 208 may create dynamic Web pages which may be provided to 
Web server 204 and that may be displayed to the user on the main website. 
Application servers 208 may also contain personalization information on different 
users of the main website such as, but not limited to, user personalized home pages 
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and user shopping habits. In one embodiment, application servers 208 also store 
business rules for movie license acquisition by users of main website 206. As 
discussed in more detail below, these business rules define who may acquire a 
license to view a movie and under what conditions (i.e., tune period, number of 

S viewings within the tune period). 

Smce the information contained on application servers 208 may be a 
target of xmauthorized access, a firewall 210 is located between the Web servers 
204 and application servers 208. Firewall 210 provides security for the 
application servers 208 by controlling access to the application servers 208. In one 

0 embodiment, firewall 210 is implemented as a packet filter type firewall which 
examines traffic at the network protocol packet level. Furewall 212 provides the 
same function between application servers 208 and license generator 214. Thus, 
firewall protection provides security against unauthorized access to the application 
servers 208 and the license generator 214. 

5 Application servers 208 are authorized to access license generator 

214 through firewall 212. The license generator 214 will generate a license for a 
user-requested movie based on the business rule information passed to license 
generator 214 by application servers 208. 

A process by which a user requests a movie and a license for that 

0 movie is generated, according to one embodiment, is illustrated by the block 

diagram in FIG. 3. When a user at UND 302 requests a license to content while 
browsing on the main website 306, license request information block 303 is 
provided to main website 306. License request information block 303 may include 
information about the rental model that the user desires. As an exan^le, the user 

5 may wish to view tihe movie during a 24 hour period, the 24 hour period beginning 
when the user pushes the play button on the user's media player. In one 
embodiment, the user would then have 30 days in which to start the 24 hour period 
. before the license expires. In one embodiment, when the license expires it may 
remain on the user's UND but may not be used to access its associated movie. 

0 According to one embodiment, information about the user's UND 

302 is also provided in license request information block 303, transparentiy to the 
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user. This information may, for example, include the hard drive serial number, 
BIOS checksum, or other information used to identify the particular UND. In 
addition, infonnation may be mcluded in license request information block 303 
identifying the particular media player that will be used to access the content. In 
5 some embodiments, the initial license request from UND 302 may only include the 
identification information about UND 302 or some other infonnation sufficient to 
begin the license request process. In this embodiment, additional mformation sadi 
as, but not limited to, the rental model information and media player identification 
information described above may subsequently be added to the license request 

10 before the license is generated. This infonnation will subsequently be passed by 
application server 308 to license generator 314 and may then be embedded in the 
license to ensure that the requested movie associated with the license is only played 
on the identified UND and only by the identified media player. The process by 
which the identity of the UND and media player is verified will be discussed in 

IS more detail below. 

In one. embodiment, when the user purchases a license, the user has 
the choice between transferring the purchased license immediately to the UND 
currently being used, or transferring the purchased license later to the same UND 
or a different UND. If the user transfers the purchased license immediately, then 

20 the purchased license will be related to that UND and media player. Thus, if the 
user later copies the purchased license to a different UND (which also contains a 
copy of the associated content), that purchased license would not be valid and 
could not be enabled. If, however, the user does wish to view the content on a 
UND other than the one currently bemg used to access the main website, the user 

25 will be reqmred to connect to the mam website again at a later time using that 
particular UND and transfer the purchased license to that UND. 

To download the license at a later time, a user may use either the 
media player or a Web browser to connect to the main website and request the 
purchased license. In the case where the media player is used to connect to the 

30 main website, when the user attempts to access the content, the media player 
recognizes that the user requires a license and connects the user to the main 
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website. If the user has not yet purchased a license, for example if the user 
received a copy of the content from another user, the main website will query the 
user as to the purchase of a license. 

In addition, in one embodiment a 128 bit Globally Unique IDentifier 

5 (GUID), which is iassociated widi the requested movie file or, in some 

embodhnents, with the movie, is added by main website 306 to the request 
information, as shown by license request mformation block 305, and is then passed 
to die application server 308. In one embodiment, application server 308 will add 
business rule mformation to the request information, as shown by license request 

0 information block 307. License request information block 307 is subsequently 
passed by the application server 308 to license generator 314. 

License generator 314 receives the information provided in license 
request information block 307 and generates a license associated with the requested 
movie. In one embodiment, the license naay be in the form of a license data object 

S 309 comprising a plurality of data fields. In one embodiment, a portion of the data 
fields may contain the license information block 307 information that was passed 
to the license generator 314 by application server 308, along with additional 
information generated by the license generator 314. 

As an example of information within license data object 309 that 

0 was passed to license generator 314, there is a data field 318 which contains 

information on the rental model requested by the user. There is also a data field 
320 which contains information on the date on which the user's ability to play the 
movie will expire. Data field 322 contains identification information on the user's 
UND. Data field 324 contains identification information on the user's media 

5 player. In addition, data field 326 contains the 128 bit GUID that is associated 
with the requested movie file or movie. As one example of information that is not 
passed to license generator 314 but instead may be generated by license generator 
314 itself, data field 328 contains an encryption key that is associated with the 
requested movie file and imlocls the encrypted movie file. The information 

0 contained in license data object 309 is referred to collectively as "access 
information." 
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License data object 309 is passed by license generator 314 to 
application server 308. Application server 308 then passes license data object 309 
to main website 306. Main website 306 then transfers license data object 309 to 
UND 302, where it is stored in a protected database (PD) 316. 

User netwoik-enabled device Architecture 

HG. 4 shows a functional block diagram view of a UND 402 which 
includes a CPU 404, a user interface 406, a memory 408, and a communications 
interfece 412. The communications interface 412 is used to conmiunicate with a 
network video server computer such as Web server 104 and content server 106 in 
FIG. 1 or with other system resources not shown. The communications interface 
412 provides a network connection. While any connection rate may be used, a 
high speed or broadband data connection, such as a connection providing a data 
rate of 500 kilobit per second (kbps) or more is preferred. The memory 408 of the 
UND 402 may be implemented as RAM (random access memory) or a 
combination of RAM and non-volatile memory such as, but not limited to, 
magnetic disk storage. The memory 408 may contain magnetic disk storage 
sufficient to store an encoded movie, or wi^ atleast one gigabyte of free space. 
The memory 408 may contain the following: 

• an operating system 420; 

• internet access procedures 422 including a Web-browser such 
as, for exanqple, Internet E;q)lorer Version 4.0 or greater; 

• media player and security technology 424; 

• storage space for encrypted digital miovie files 426; 

• as well as other procedures and files (not shown). 

Media player and security technology 424 comprises PD 416. PD 
416 may be a standard component in the Media player and security technology 
424. In one embodiment, PD 416 provides an encrypted memory space for 
storage of license data objects created by a license generator located at the NOC 
and transferred to the UND, as discussed above in reference to FIG. 3. Thus, the 
license data objects in PD 416 are themselves encrypted. Components within 
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media player and security technology 424 are able to access the license data objects 
stored in PD 416 as discussed in more detail below in relation to FIG. 5. 

The license for the requested movie has now been obtained by the 
user and stored on the user's UND, as described with reference to FIG. 3. For the 
5 present example it will be assumed that the user has ahready downloaded the 
requested encrypted movie file to memory storage such as storage space 426 
within memory 408. However, the user may obtain a license for a movie file that 
the user will download at a future time. Similarly, the user may obtain a license at 
the same time that the movie file is downloaded to the user. Regardless of when 
10 the user decides to download the movie file, the user is required to have a license 
associated with the movie in the PD before the user may play that movie. When 
the associated license is present in the PD, the user may then view the movie by 
accessing media player and security technology 424. 

15 Media Plaver And Security Technology 

FIG. 5 illustrates a block diagram of functional components 
representing the software implemented media player and security technology 424, 
showing also that it has access to PD 416. M&iia player and security technology 
424 comprises the software that allows a user of UND 402 to view a movie for 

20 which the user has obtained a license. As discussed above, PD 416 may contain 
one or more license data objects that have previously been generated by a license 
generator located at an NOC and that are associated with user-requested movies. 

Digital Rights Management (DRM) functional component 430 is a 
block of code m the media player and security technology 424 that provides a 

25 secure environment within UND 402 for ensuring that only properly licensed 
movies are viewed on the UND to which the license was transferred. In one 
embodiment, DRM 430 does this by preventing encrypted content from being 
decrypted and accessed by the user in a user-perceptible form unless a valid license 
associated with the content has been enabled. DRM 430 may be run either in the 

30 user (application) space or in the kernel space. DRM 430 is protected against 

tampering by the use of code obfuscation and tamper detection techniques. DRM 
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430 also comprises anti-debugging capabilities that detect common debugging 
traps. 

Besides DRM 430, media player and security technology 424 
further comprises other blocks of code. Decryption block 434 decrypts die 
5 encrypted movie ffle. CODEC 436 decompresses the decrypted movie file. Plug- 
ins block 438 conq)rises any plug-in programs associated with media player 440. 
Media player 440 comprises a software inq)lementation of a media player and may 
present to the user an interface comprising a movie display area for presenting the 
content in a user-perceptible form, and user-selectable operators such as, but not 

10 limited to, play, rewind, fast-forward, and pause buttons. Media player 440 may 
be communicatively coupled to monitor 444 through hardware interface 442. 

In one embodiment, DRM 430 provides a secure environment 
withm UND 402 by ensuring a secure inter-process communication (IPC) data 
stream between the components within media player and security technology 424. 

15 Ensuring a secure IPC data stream involves ensuring that conq)onents within media 
player and security technology 424, as well as other conq)onents (not shown) 
within UND 402, are not tanq)ered with by unauthorized users intent on bypassing 
the license requirements. In one embodiment, this mtegrity check is accomplished 
by DRM 430 performing code authentication, represented by directed lines 441, 

20 on the other components within media player and seciuity technology 424. For 

example, if the code withm CODEC 436 had been tampered with in order to divert 
the decrypted movie file bits mto another file, DRM 430 would detect this by, for 
example, code authentication procedures on CODEC 436. Thus, if the code 
within CODEC 436 had. been tampered with, DRM 430 could shut down media 

23 player 440, inhibiting the viewing of movies. 

In one embodunent, DRM 430 may access PD 416 through the use 
of a root encryption key within the code of DRM 430. By using the root 
encryption key, DRM 430 is able to access and decrypt encrypted license data 
objects within PD 416. This process is represented by dashed directed line 443. 

30 Thus, all the information contained in the license data objects, including the rental 
model, expiration date, UND identification information, media player 
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identification information, and movie GUID, are made available in an imencrypted 
formtoDRM 430. 

Each movie file may be encrypted using a unique key. In one 
embodiment, movie files may be periodically re-encrypted and re-released, for 
5 example every thirty days. As discussed above, also included in the license data 
objects is the encryption key for decrypting the encrypted movie file. DRM 430 
may pass the encryption key to decryption block 434. This process is represented 
by dashed directed line 445. In addition, an encrypted movie cannot be played 
without an enabled license. Each license is keyed to work with a specific movie 

10 file associated with that license and with a specific UND and media player. If the 
license is copied to a difierent UND, it will no longer be valid and will inhibit 
viewing of the movie. 

When the user attempts to access the movie, DRM 430 compares 
the GUID of the movie with GUIDs contained in license data objects located in PD 

IS 416. If the result of a conq>arison is true, i.e. if the GUID of the movie matches a 
GUID in a license data object present in PD 416, then DRM 430 accesses the 
license data object associated with that movie within PD 416. DRM 430 then 
compares the UND and media player identification information in that license data 
object to UND 402 and media player 440. If any of the above comparisons are 

20 false, i.e. if there is not a match, then DRM 430 will deny enablement of the 
license. If the results of these comparisons are true, then DRM 430 further 
verifies that the attempted viewing of the movie conforms to the rental model 
contained in the license data object. 

If all the comparisons are true, and if the viewing of the movie is m 

25 conformance with the rental model, and further, if the integrity checks performed 
by DRM 430 detect no tampering^ then the license will be enabled. The encrypted 
movie file will then be transferred from* storage block 426 to decryption block 434 
of media player and security technology 424. This process is represented by 
dashed directed line 447. After being decrypted, the movie file will then proceed 

30 through CODEC 436 and become available m a decon^ressed form to media 
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player 440. The user may then play the movie. Hardware interface 442 will 
convert the file into a user perceptible form on monitor 444. 

In some embodunents, die rental model may allow the user only a 
certain number of viewings of the movie within a certain time period, for example, 
5 one viewing within a 24 hour period* In order to prevent the user from bypassing 
the rental model contained in the license by, for exanq)le, rewinding (or reversing) 
to the beginning of the movie just before the movie ends, watermark information 
can be inserted into a data field of the license data object by ttie license generator. 
DRM 430 may use the watermark information to control the rewind and fast- 

10 forward functions of media player 440 by allowing a user to rewind or fast- 
forward only a detennined time interval from the current position in the movie. 
This time interval limit information may be enforced by DRM 430. 

As an example, in one embodiment, the watermark information 
could direct DRM 430 to enforce time interval limits of ten minutes for forward or 

15 reverse progression through the movie. The watermarks would then restrict the 
user to rewinding or fast-forwarding the movie file in ten mmute segments. In 
other embodiments, the watermarks may already be present at timed intervals in 
the movie file at the time the movie file is transferred to UND 402 and may be 
enforced by DRM 430 when the movie file is played. 

20 In yet other embodunents, DRM 430 may enforce the time interval 

limits defined by the watermark information by tracking the user's progress in 
viewmg the movie and restricting the rewinding or fast-forwarding of the movie 
file by means of, for example, a hardware or software iniplemented timer. The 
timer may time the user's progress through the movie and when a rewind or fast- 

25 forward command is detected, DRM 430 may ensure, through use of the timer, 
that the user does not rewmd or fast-forward beyond the time interval limits. 

In one embodiment, a purchase model license may be chosen by the 
user in place of a rental model license. The purchase model license may allow the 
purchaser to view a movie on any machine with a media player an unlimited 

30 number of times. In one embodiment, the user may still be required to connect to 
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the main website to verify the terms of the license before viewing the movie is 
possible. 

FIG. 6 shows a flowchart of the authorization process steps 600 
performed, according to one embodiment, by the media player and security 
5 technology to ensure only authorized viewing of a movie. At step 602, the user 
has decided to play a previously downloaded movie. The user will attenq)t to play 
this movie using the media player. 

At step 604, the DRM on the user's UND seeks for a license 
associated with the movie in the PD. If the associated license is found in the PD, 
10 the authorization process continues. If the associated license is not found, the 

user's UND will be connected to the main website, as shown in step 614, and the 
user will be queried about whether the user wishes to purchase a license. 

At step 606, the DRM confirms that the UND and media player 
identification infonnation contained in the license matches the user's UND and 
IS media player. If the identification information matches, the authorization process 
contmues. If the identification information does not match, the user's UND will 
be connected to the main website, as shown in step 614, and the user will be 
queried about whether the user wshes Jo purchase a new license. 

At step 608, the DRM confirms that the user's viewing of the movie 
20 conforms with the rental model. For example, if the rental model called for a one- 
time viewing, then the second time the user attempted to view the movie, the DRM 
would inhibit the second viewmg. If the user's viewing of the movie conforms 
with the rental model, the authorization process continues. If the user's viewing of 
the movie does not conform with the rental model, the user's UND will be 
25 connected to the main website, as shown m step 614, and the user will be queried 
about whether the user wishes to purchase a new license. 

At step 610 the DRM confirms that the user's UND has passed all 
integrity checks performed by the DRM. If all tests have been passed, then at step 
612 the license is found to be authentic and is enabled. The user may now play the 
30 movie on the media player. If aU tests have not been passed, then, in one 
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embodiment, the user may be comiected to the main website, as shown in step 614, 
to receive a revocation certificate, as described below. 

In some embodiments, at step 614 the DRM on the user's UND 
may query the user about whether the user wishes to purchase a license rather than 
5 the user's UND being connected to the main website for the user to be queried. 

Revocation 

At various times it will be desirable to control the ability of users to 
access particular content within particular DRM environments and by particular 
10 media players. For example, when DRM security upgrades are performed or 

when tampering with components within the media player and security technology 
is detected by integrity checks performed by the DRM. In addition, when the 
security of particular movie files has been compromised, a system and method is 
required to revoke previously issued access rights to content in order to provide 
IS better security for the secure digital content licensing system and method described 
above. 

In the case where a DRM has been upgraded to a higher security 
level or when particular components of the_media player and security technology 
have been compromised, one embodiment of a system and method for controlling 
the ability of users to access content comprises specifying within the license 
particular DRM versions for which the license will not be valid. This information 
may be added to the application servers located in the NOC and may then comprise 
a part of the business rules contained within the application servers. 

Thus, when a license is requested by a user, the application servers 
will pass to the license generator information about the DRM versions that are not 
autiiorized to play the requested content. The license generator will then include 
that DRM version information m the generated license data object that is 
transferred to the PD. If the user attempts to play the movie on a UND with a 
unauthorized version of the DRM, the DRM will detect this and inhibit viewing of 
the content. 
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Additionally, information may be added to the business rules of the 
application servers located in the NOC that inhibits the creation of licenses for 
particular DRM environments or for particular content. Thus, if the license is 
being requested by a user and the user's UND contains components that are known 
to have been compromised, or if the requested content has been compromised, the 
busmess rules within the application servers will mhibit the creation of tiie license. 

In the case where rights to access particular content have already 
been issued in the form of a license that now resides in the PD of the user's UND, 
one embodiment allows active revocation of those rights through the issuance of 
revocation certificates. Revocation certificates revoke previously issued licenses 
for content when, for example, that content is known to have been compromised in 
some way. In addition, revocation certificates may be issued for con^romised 
software components within the media player and security technology on the 
UND. 

Once the license for the compromised content or the right to use the 
conipromised software component to view the content has been revoked, the 
content may not be played until the content or the components have been 
, upgraded. As an example, if the CODEC within the media player and security 
technology of a particular UND has been compromised in some way, a revocation 
certificate may be transferred to that UND that will inhibit the playing of any 
movies until tiie CODEC is upgraded to a secure version. Thus, m one 
embodiment, the revocation certificate may be a data object with a data field that 
contains infomfiation on the unauthorized CODEC. The revocation certificate will 
be transferred to the PD of the UND. Placement of the revocation certificate into 
the PD ensures the security of the revocation certificate. Thus, unauthorized 
removal of the revocation certificate from the UND is made more difficult. The 
DRM code may then access the revocation certificate, for example by using the 
DRM's root key, and read the information from the data field and if it matches the 
CODEC on the UND, the DRM code may inhibit viewing of the content. 

In some embodiments, revocation certificates may periodically be 
transferred to UNDs from a revocation server that may be located at the NOC. 
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Thus, in one embodiment, obtaining a license may require that the DRM on the 
user's UND has polled the revocation server within a specified period of time, for 
example, within the last ten days. Polling the revocation server allows the 
revocation server to transfer any revocation certificates to the polling UND. In 

5 one ^bodiment, if the DRKf has not polled the revocation server within the 
specified period of time, and thus has not received the applicable revocation 
certificates, then the DRM may inhibit playback of content. 

In another embodiment, the revocation information may be attached 
to a license data object that is issued by the license generator. In this embodiment^ 

0 the revocation information may be added to the business rules of the application 
servers located at the NOC and passed to the license generator for attachment to a 
license data object. Thus, when the user requests and'receives the license data 
object into the PD of the user's UND, the revocation information will be 
accessible by the DRM, for example by using the DRM's root key. Placement of 

S the revocation information into the PD ensures the security of the revocation 
information. Thus, unauthorized removal of revocation information from the 
UND is made more difficult. 

Several aspects of one implementation of the secure digital content 
licensing system and method have been described. However, various 

0 implementations of the secure digital content licensing system and method provide 
numerous features including, complementing, supplementing, and/or replacing the 
features described above. Features may be implemented as part of the server or as 
part of the user's UND in different inoplementations. 

It is to be understood that even though numerous characteristics and 

5 advantages of various embodunents of the present invention have been set forth in 
the foregoing description, togetiier with details of the structure and function of 
various embodiments of the mvention, this disclosure is illustrative only. 

In addition, although the embodknent described herein is directed to 
a secure digital content licensing system and method for on-line rental of movies, 

D it will be appreciated by those skilled in the art that the teaching of the present 
invention may be applied to other systems. In fact, systems for online rental of 
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digitally encoded songs, books, television programming, radio programming, and 
any other content (audio, video, text, etc.) which may be digitized or encoded and 
stored as an electronic file are within the teachings of the present invention, 
without departing from the scope and spirit of the present invention. 

5 The present invention provides many advantages over Icnown 

techniques. Advantages of the invention include the ability to securely control 
access to content by providing a system and method for generating licenses for 
content based on a particular rental model for that particular content. 

Further advantages of the mvention include the ability to revoke the 

10 right to view particular content on particular media players within particular media 
and security procedure environments. In addition, the present invention provides a 
system and method for issuing revocation certificates to particular UNDs that 
inhibits playmg of particular content or the playing of content within a particular 
media and security procedure environment. 

15 Having disclosed exemplary embodiments and the best mode, 

modifications and variations may be made to the disclosed embodunents while 
remaining within the scope of the invention as defined by the followmg clauns. 



-24- 



wo 01/78303 PCT/USOl/11381 

WHAT IS CLAIMED IS: 

1 . A system for secure licensing of content to a user on a user 
network-enabled device, the system comprising: 

at least one server network device communicatively coupled to ttie 
S user network-enabled device; 

wherein the at least one server network device is programmed to 
transfer selected content to the user network-enabled device; and 

a license generator, the license generator being programmed to 
generate a license associated with the selected content, the license comprising 
10 access information for controllmg the user network-enabled device to produce a 

user-perceptible form of die selected content when conditions defined by the access 
information are met and to inhibit production of a user-perceptible form of the 
selected content when conditions defined by the access information are not met. 

2, The system recited in claim 1 , wherein the at least one 
15 server network device is further progranmied to receive at a first node on the 

network a request for content firom the user network-enabled device at a second 
node on the network; 

wherem the transfer of selected content comprises transferring the 
requested content in response to the receipt of the request at the second node. 

20 3 . The system recited in claim 1 , wherein the content is 

encrypted. 

4. The system recited in claim 1 , wherein the at least one server 
network device is further programmed to receive at the first node on the network a 
request for the license from the user network-enabled device at the second node on 
25 the network; and 

wherein the at least one server network device is further 
programmed to transfer the requested license to the user network-enabled device at 
the second node. 
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5. The system recited in claim 1, wherein the license is a data 

object. 

6. The system recited in claim 5, wherein the data object 
comprises a plurality of data fields, at least a portion of the plurality of data fields 

5 containing the access information. 

7. The system recited in claim 1 , wherein the access 
information comprises at least one of a content rental model, an expiration date of 
the license, user network-enabled device identification mformation, media player 
identification information, a GUID identifying particular content, and an 

10 encryption key for decrypting encrypted content. 

8. The system recited in claim 7, wherein the content rental 
model defines at least one of a specified period of time and a specified number of 
plays. 

9. The system recited in claim 7, wherein the content rental 
IS model defines an unlimited number of plays on any user network-enabled device. 

10. The system recited in claim 7, wherein the content rental 
model includes a watermark, the watermark allowing the user to rewind only a 
determined time interval from the current position m the movie. 

1 1 . The system recited in claim 1 , further comprising at least one 
20 ^plication server, the at least one application server being communicatively coupled 

to both the at least one server network device and the license generator; 

wherein the at least one application server is prograiomed to receive 
the license request from the at least one server network and to transfer the license 
request to the license generator. 

25 12. The system recited in claim 1 1 , wherein the at least one 

application server is fiurther programmed to provide business rules to the license 
generator, the business rules being included in the license request by the at least 
one application server before transferring the license request to the license 
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generator, the business rules defining the types of licenses that the license, 
generator may generate. 

13. The system recited in claim 11, wherein the at least one 
application server is further programmed to gather and store personalization 

5 information about users. 

14. The system recited in claim 1 1 , wherein the at least one 
application server is further programmed to create dynamic Web pages. 

15. The system recited in claim 11, further comprising a firewall 
situated between the at least one server network device and the at least one 

10 application server, the firewall preventing unauthorized access to fhe at least one 
application server, 

16. The system recited in claim 11, further comprising a firewall 
situated between the at least one application server and the license generator, the 
firewall preventing unauthorized access to fhe license generator. 

15 17. A method for secure licensing of content to a user on a us©: 

netwotk-SS)led device, ffie me&odcom^ 

transferring selected content to the user network-enabled device; and 
generating a license associated with the selected content, the license 
comprising access information for controlling the user network-enabled device to 
20 produce a user-perceptible form of the selected content when conditions defined by 
the access information are met and to mhibit production of a user-perceptible form 
of the selected content when conditions defined by the access information are not 
met. 



18. The method recited in claim 17, wherein the license is a data 



25 object. 



19. The method recited in claim 18, wherein the data object 
comprises a plurality of data fields, at least a portion of the plurality of data fields 
containing the access information. 

-27- 



wo 01/78303 



PCTAJSOl/11381 



20. The method recited in claim 17, wherein the access 
information con^rises at least one of a content rental model, an expiration date of 
the license, user net«vork-enabled device identification information, media player 
identification information, a GUID identifying particular content, and an 

5 encryption key for decrypting encrypted content. 

21. A system for secure licensing of content to a user on a user 
netwoik-enabled device, the system comprising: 

at least one server network device communicatively coupled to the 
user network-enabled device; 

wherein the at least one server network device is programmed to 
transfer a license associated vdfh the content to the user network-enabled device, the 
license comprising access information which defines access rights to the content; 

wherein the user network-enabled device is programmed to provide 
media player and security technology, the media player and security technology 
verifying the access rights and allowing the user network-enabled device to 
produce a user-perceptible form of the content only when the content is properly 
licensed and inhibitmg the niser network-enabled device firdm producing a user^ ^ 
perceptible form of the content when the content is not properly licensed. 

20 22. The system recited m claim 21, wherein the media player 

and security technology comprises a media player for displaying the content in a 
user-perceptible form. 

23 . The system recited in claim 22, wherein the media player 
and security technology further comprises at least one of decryption code for 

25 decrypting encrypted content, a CODEC for decompressing compressed content, a 
monitor for displaying the media player to the user, and a hardware interface 
between the media player and the monitor. 

24. The system recited m claun 23, wherein tiie media player 
and security technology further comprises digital rights management code for 



10 



15 
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. providing a secure inter-process communication data stream between the 
decryption code, the CODEC, the media player, the hardware interface, and the 
monitor. 

25. The system recited in claim 24, wherein the digital rights 
5 management code is protected against tampering by at least one of code 

obfuscation and anti-debugging techniques. 

26. The system recited in claim 24, wherein the digital rights 
management code provides the secure inter-process communication data stream 
between the decryption code, the CODEC, the media player, the hardware 

10 interface, and the monitor by performing an integrity check on at least one of the 
media player, the decryption code, the CODEC, the hardware interface, and the 
monitor in order to detect tampering. 

27. The system recited in claim 26, wherein the digital rights 
management code inhibits the display of content in a user-perceptible form when at 

15 least one of the media player, the decryption code, the CODEC, the hardware 
interface, and the monitor do not pass the integrity check. 

28. The system recited in claim 24, wherein the media player and 
security technology further comprises a protected database in conmiunication with 
the digital rights management code; 

20 wherem the protected database securely stores transferred licenses. 

29. The system recited in claim 28, wherein the protected 
database is protected by encryption methods. 

30. The system recited in claim 29, wherein the digital rights 
management code comprises a root key, the root key unlocking licenses within the 

25 protected database. 

3 1 . The system recited in claim 29, wherein the digital rights 
management code examines the access information within the unlocked license and 
determines the access rights to the content provided by the unlocked license. 
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32. The system recited in claim 22, whereia the access 
information comprises at least one of a content rental model, an expiration date of 
the license, user network-enabled device identification information, media player 
identification information, a GUID identifying particular content, and an 

5 encryption key for decryptmg encrypted content. 

33 . The system recited in claim 32, wherein the digital rights 
management code allows the user network-enabled device to produce a user- 
perceptible form of the content only when the content is properly licensed by 
enforcing compliance by the user with the content rental model contained in the 

10 unlocked license. 

34. The system recited in claim 32, wherein the digital rigihts 
management code allows the user network-enabled device to produce a user- 
perceptible form of the content only when the content is properly licensed by 
comparing user network-enabled device identification information in the unlocked 

15 license with the user network-enabled device on which the digital rights 
management code resides. 

35. The system recited m claim 32, wherem the digital rights 
management code allows the user network-enabled device to produce a user- 
perceptible form of the content only when the content is properly licensed by 

20 comparing media player identification information in the unlocked license with the 
media player on the user network-enabled device on which the digital rights 
management code resides. 

36. The system recited in claim 32, wherein the digital rights 
management code passes the encryption key contained in the unlocked license to 

25 the decryption code in order to decrypt the encrypted content. 

37. A method for secure licensing of content to a user on a user 
network-enabled device, the method comprising: 
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transferring a license associated with the content to the user network- 
enabled device, the license comprising access information which defines access 
rights to the content; and 

providing media player and security technology on the user 
network-enabled device, the media player and security technology verifying the 
access rights and allowmg &e user network-enabled device to produce a user- 
perceptible form of the content only when the content is properly licensed and 
inhibiting the user network-enabled device from producing a user-perceptible form 
of the content when the content is not properly licensed. 

38. The method recited in claun 37, wherein &e media player 
and security technology con^rises a media player for displaying the content ui a 
user-perceptible form. 

39. The method recited in claim 38, wherein the media player 
and security technology further comprises at least one of decryption code for 
decrypting encrypted content, a CODEC for decompressing compressed contrat, a 
monitor for displaying the media player to the user, and a hardware interface 
between the media player and the mo nitor . _ _ _ 

40. The method recited in claim 39, wherein the media player 
and security technology further comprises digital rights management code for 
providing a secure inter-process communication data stream between the 
decryption code, the CODEC, the media player, the hardware interface, and the 
monitor. 

41 . The method recited m claim 40, wherein the media player and 
security technology further comprises a protected database in communication with 
the digital rights management code; 

wherein the protected database securely stores transferred licenses. 

42. The method recited in claim 41 , wherein the protected 
database is protected by encryption methods. 
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43 . The method recited in claim 41 , wherein the digital rights 
management code comprises a root key, the root key unlocking licenses within the 
protected database. 

44. The method recited in claim 43, wherein the digital rights 
management code examines the access information within the unlocked license and 
determines the access rights to the content provided by the unlocked license. 

45. The method recited in claim 38, wherein the access 
information comprises at least one of a content rental model, an expiration date of 
the license, user network-enabled device identification information, media player 
identification information, a GUID identifying particular content, and an 
encryption key for decrypting encrypted content. 

46. The method recited in claim 45, wherem the digital rights 
management code allows the user network-enabled device to produce a user- 
perceptible form of the content only when the content is properly licensed by 
enforcmg compliance by the user with the content rental model contamed in the 
unlocked license. 

47. The method recited in claim 45, wherein the digital rights 
management code allows the user network-enabled device to produce a user- 
perceptible form of the content only when the content is properly licensed by 
comparing user network-enabled device identification information in the unlocked 
license with the user network-enabled device on which the digital rights 
management code resides. 

48. The method recited in claun 45, wherein the digital rights 
management code allows the user network-enabled device to produce a user- 
perceptible form of the content only when the content is properly licensed by 
conq)aring media player identification information in the unlocked license with the 
media player on the user network-enabled device on which the digital rights 
management code resides. 
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49. The method recited in claim 45, wherein the digital rights 
management code passes the encryption key contained in the milocked license to 
the decryption code m order to decrypt the encrypted content. 

50. A system for revoking a license to access content in a user- 
perceptible form on a user netwoik-enabled device, the system comprising: 

at least one revocation server, the at least one revocation servo: 
transferring to the user network-enabled device a revocation certificate; 

wherein the revocation certificate comprises revocation information 
for controllmg the user network-enabled device to inhibit production of a user- 
perceptible form of (he content when conditions contamed in the revocation 
mformation are satisfied. 

51 . The system recited in claim 50, further comprising media 
player and security technology for verifying the license and allowing the user 
network-enabled device to produce a user-perceptible form of the content only 
when the content is properly licensed and inhibiting the user network-enabled 
device from producing a user-perceptible form of the content when the content is 
not properly licensed. --^ ... 

52. The system recited in claim 5 1 , wherein the media player 
and security technology comprises a media player for displaying the content in a 
user-perceptible form. 

53 . The system recited in clahn 52, wherein the media player 
and security technology further comprises at least one of decryption code for 
decrypting encrypted content, a CODEC for decompressing compressed content, a 
monitor for displaying the media player to the user, and a hardware interface 
between the media player and the monitor. 

54. The system recited in claim 53, wherein the media player 
and security technology further comprises digital rights management code for 
providing a secure inter-process communication data stream between the 
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decryption code, the CODEC, the media player, the hardware interfiace, and the 
monitor. 

55. The system recited in claim 50, wherein the revocation 
certificate is a data object. 

5 56. The system recited in claim 55, wherein the data object 

comprises a plurality of data fields, at least a portion of the plurality of data fields 
contaming the revocation information. 

57. The system recited in claim 56, wherein the revocation 
information comprises information about specific media player and security 

10 technology for which access to a user-perceptible form of the content is inhibited. 

58. The system recited in claim 56, wherein the revocation 
mformation comprises information about specific content for which access in a 
user-perceptible form is inhibited. 

59. The system recited in claim 5 1 , wherein fhe media player and 
15 security technology further comprises a protected database in communication with 

the digital rights management code; 

wherein the protected database securely stores transferred 
revocation certificates . 

60. The system recited in claim 59, wherein fhe protected 
20 database is protected by encryption methods. 

61. A method for communicating revocation certificates for 
revoking licenses to access content in a user-perceptible form on a user network- 
enabled device, the method comprising: 

polling of a revocation server by the user network-enabled device, the 
25 revocation server containing a list of the revocation certificates; and 

transferrmg the revocation certificates to the user network-enabled 

device. 



-34- 



01/78303 



PCTAJSOl/11381 



62. The method recited in claim 61, wherein polling of the 
revocation server comprises polling the revocation server on a defined periodic 
basis. 

63. The method recited in claim 62, wherein the defined periodic 
basis is once every ten days. 

64. The mediod recited in claim 61 , wherein transferring the 
revocation certificates to the user network-enabled device comprises transferring 
the revocation certificates to a protected database on the user network-enabled 
device. 

65 . The method recited in claun 64, wherein the protected 
database is protected by encryption methods. 

66. The method recited in claim 62, further comprising 
inhibiting access to content in a user-perceptible form on the user network-enabled 
device when the revocation server has not been polled by the user network-enabled 
device within the defined period. 

67. A mefliod for communicating revocation certificates for 
revoking licenses to access content in a user-perceptible form on a user network- 
enabled device, the method comprising: 

attaching a list of the revocation certificates to a requested license for 

content; and 

transferrmg the requested license, over a network, to the user 
network-enabled device. 

68. The method recited m claim 67, wherein attaching a list of 
the revocation certificates to a requested license for content comprises an 
application server attaching the list to die requested license. 

69. The method recited in claim 67, wherein transferring the 
requested license to the user network-enabled device comprises transferring the 
requested license to a protected database on the user network-enabled device. 
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70. The method recited m claim 69, wherein the protected 
database is protected by encryption methods. 

71. A metiiod for authenticating a license to access content in a 
user-perceptible form on a user network-enabled device, comprising: 

connecting to a server network device, the server network device 
being communicatively coupled to the user network-enabled device via a 
communication link; 

comparing the content with content identification information 
contained in the license; 

comparing flie user network-enabled device with user network- 
enabled device identification information contained in the license; and 

comparing the media player on the user network-enabled device with 
media player identification information contained in the license; 

wherein the server network device is programmed to deny 
enablement of the license if the results of any of the comparisons are false and 
wherein the license resides on the user network-enabled device. 

72. The method recited in claim 71, wherein connecting to the 
server network device comprises automatically connecting to the server network 
device when an attempt is made to access the content on the user network-enabled 

20 device. 

73. The method recited in claim 71 , wherein the comparisons 
are performed by media and security technology residing on the user network- 
enabled device. 

74. A system for authenticating a license to access content in a 
25 user-perceptible form on a user network-enabled device, comprising: 

a server network device communicatively coupled to the user 
network-enabled device via a communication link; 

wherem the user network-enabled device is programmed for 



10 
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connecting to the server network device via the 

communication link, 

comparing the content witii content identification information 
contained in the Ucense, 
S comparing the user network-enabled device with user 

network-enabled device identification information contained in the license, and 
comparing the media player on the user network-enabled 
device with media player identification information contained in the license, and 
wherein the server network device is programmed to deny 
10 enablement of the license if the results of any of the comparisons are false and 
wherein the license resides on the user network-enabled device. 

75 . A method of restricting forwarding and reversing fix>m a 
current position in a media file by a media player, comprising: 

providing watermark information to a digital rights management 
15 system associated with the media player, the watermark information defining time 
intervals that limit forward and reverse progression through the media file fi-om the 
current position in the media file; and 

preventing forwarding and reversing oY the niedia file beyond flie ^ 
limits defined by the time intervals. 

20 76. The method recited in claim 75, wherein providing 

watermark information to the digital rights management system associated with the 
media player comprises providmg the watermark information m a license data 
object within a protected data base, the license data object comprismg access 
information associated with the movie file. 

25 77, The method recited in claim 76, wherein the access 

information comprises a rental model. 

78. The method recited in claim 77, wherem the rental model 
conq)rises the watermark information. 
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79. The method recited in claim 75 , wherein the digital rights 
management system associated with the media player enforces the defined time 
interval limits by preventing progression of the movie file beyond the defined time 
interval limits. 

5 80, The method recited in claim 79, wherein the digital rights 

management system associated with the media player enforces the defined time 
interval limits by tracking the user's progress in viewing the movie and restricting 
the reversing or fast-forwarding of the movie file by at least one of a hardware 
timer and a software timer. 

10 81, The method recited in claim 75, wherein providing 

watermark information to the digital rights management system associated with the 
media player comprises providmg watermarks at timed intervals in the movie file. 

82. A business method for authenticating a license to access 
content in a user-perceptible form on a user network-enabled device, comprising: 

15 providing a s^er network device, the SCTver network device 

communicating with the user network-enabled device via a communication link; 

ofiEering, for a pre-defiued remuneration, licenses associated 
v^th selected content and allovmig, when the license is enabled, the user netwoxk- 
enabled device to access the selected content in a user-perceptible form in 
20 conformance with a selected rental model; 

transferring the license associated with the selected content to 
the user network-enabled device, tlie license containing access information; and 

comparing the access information contained in the transferred 
license to pre*defined information residing on the user network-enabled device; 
25 wherein the server network device is programmed to deny 

enablement of the license if the result of the comparison is false. 

83 . A method for authorization of a license for content, the 
license being transferred from a first user network-enabled device to a second user 
network-enabled device, comprising: 
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transferring the content from the first user network-enabled device to 
the second user network-enabled device; 

. connecting the second user network-enabled device to a server 
network device, the servo: network device providing a usgt interface; 
5 obtaining a license for the content, the license comprising access 

information; and 

comparing the access information contained in the license to 
pre-defined information residing on die second user network-enabled device; 

wherein the server network device is programmed to deny 
10 enablement of the license if the result of the comparison is false. 

84. The method recited in claim 83, wherem connecting the 
second user network-enabled device to the server network device comprises 
connecting to a website on the Internet. 

83. The method recited in claim 83, wherein transferring the . 
15 content from flie first user network-enabled device to the second user network- 
enabled device comprises copying the content to ai computer readable disc, 
transporting the computer readable.disc to the location of the second user network- 
enabled device, and copying the content from the computer readable disc to the 

second user network-enabled device. 
♦ 

20 86. The method recited in claim 83, wherein transferring the 

content from the first user network-enabled device to the second user network- 
enabled device comprises downloading the content from the first user network- 
enabled device to the second user network-enabled device over a network. 

87. The method recited m claim 83, wherein transferring the 
25 content from the first user network-enabled device to the second user network- 
enabled device comprises the second user network-enabled device accessmg 
content residing on the first user network-enabled device through a file-swapping 
user mterface provided by the server network device, the file-swapping user 
interface allowing access to and transfer of content, the content residing on a 
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plurality of user network-enabled devices, the plurality of user uetwork-enabled 
devices being connected to the file-swapping user interface. 

88. The method recited in claim 87, further comprising selection 
by the user of the second user network-enabled device of content residing on the 

5 first user network-enabled device and requesting transfer of the selected content to 
the second user network-enabled device. 

89. The method recited in claim 88, further comprising 
transferring the selected content from the first user network-enabled device to the 
second network-enabled device. 
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